From mboxrd@z Thu Jan  1 00:00:00 1970
From: Adolf Belka <adolf.belka@ipfire.org>
To: development@lists.ipfire.org
Subject: Re: [Announce] Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14
 (4.12.13) Security Releases
Date: Fri, 26 Mar 2021 15:18:23 +0100
Message-ID: <94d216bd-28ef-ff30-8220-c3a56a449cbd@ipfire.org>
In-Reply-To: <2F3E0F22-2BC3-44E5-9992-38DF2C34FC71@ipfire.org>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="===============7969017314923798762=="
List-Id: <development.lists.ipfire.org>

--===============7969017314923798762==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable

Hi Michael,

So the samba built with no problem but there was a change to the rootfile.

I have found that the rootfile is under separate directories for each archite=
cture. I did a diff between the x86_64 and the armv5tel and most of the diffe=
rences are just the x86_64 replaced by arm but I also found files where the f=
ilename itself is different between x86_64 and armv5tel with for instance ...=
gnu.so.2 replaced by ....gnueabi.so.2

So I can do the patch with the x86_64 rootfile updated as that architecture i=
s what I am using for my builds. I don't know what to do with the others. Are=
 those automatically updated based on mine or do I have to do something to ge=
t them updated and if so then what?

Regards,
Adolf.

On 25/03/2021 18:50, Michael Tremer wrote:
> Great! Thank you.
>=20
>> On 25 Mar 2021, at 14:44, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>
>> Hi.
>>
>> I will pick it up.
>>
>> Adolf.
>>
>>
>>
>> On 25/03/2021 10:41, Michael Tremer wrote:
>>> Is anyone up for grabbing this?
>>>
>>> We should not be affected by these security issues, but I do not see any =
reasons why we should not update - just in case.
>>>
>>> -Michael
>>>
>>>> Begin forwarded message:
>>>>
>>>> From: Karolin Seeger via samba-announce <samba-announce(a)lists.samba.or=
g>
>>>> Subject: [Announce] Samba 4.14.2 (4.14.1), 4.13.7 (4.13.6) and 4.12.14 (=
4.12.13) Security Releases
>>>> Date: 24 March 2021 at 12:02:14 GMT
>>>> To: samba-announce(a)lists.samba.org, samba(a)lists.samba.org, samba-tec=
hnical(a)lists.samba.org
>>>> Reply-To: kseeger(a)samba.org
>>>>
>>>> Release Announcements
>>>> ---------------------
>>>>
>>>> These are security releases in order to address the following defects:
>>>>
>>>> o CVE-2020-27840: Heap corruption via crafted DN strings.
>>>> o CVE-2021-20277: Out of bounds read in AD DC LDAP server.
>>>>
>>>>
>>>> =3D=3D=3D=3D=3D=3D=3D
>>>> Details
>>>> =3D=3D=3D=3D=3D=3D=3D
>>>>
>>>> o  CVE-2020-27840:
>>>>    An anonymous attacker can crash the Samba AD DC LDAP server by sendin=
g easily
>>>>    crafted DNs as part of a bind request. More serious heap corruption i=
s likely
>>>>    also possible.
>>>>
>>>> o  CVE-2021-20277:
>>>>    User-controlled LDAP filter strings against the AD DC LDAP server may=
 crash
>>>>    the LDAP server.
>>>>
>>>> For more details, please refer to the security advisories.
>>>>
>>>>
>>>> #######################################
>>>> Reporting bugs & Development Discussion
>>>> #######################################
>>>>
>>>> Please discuss this release on the samba-technical mailing list or by
>>>> joining the #samba-technical IRC channel on irc.freenode.net.
>>>>
>>>> If you do report problems then please try to send high quality
>>>> feedback. If you don't provide vital information to help us track down
>>>> the problem then you will probably be ignored.  All bug reports should
>>>> be filed under the Samba 4.1 and newer product in the project's Bugzilla
>>>> database (https://bugzilla.samba.org/).
>>>>
>>>>
>>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>>>> =3D=3D Our Code, Our Bugs, Our Responsibility.
>>>> =3D=3D The Samba Team
>>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>>>>
>>>>
>>>>
>>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>>>> Download Details
>>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>>>>
>>>> The uncompressed tarballs and patch files have been signed
>>>> using GnuPG (ID AA99442FB680B620).  The source code can be downloaded
>>>> from:
>>>>
>>>>         https://download.samba.org/pub/samba/stable/
>>>>
>>>> The release notes are available online at:
>>>>
>>>>         https://www.samba.org/samba/history/samba-4.14.2.html
>>>>         https://www.samba.org/samba/history/samba-4.13.7.html
>>>>         https://www.samba.org/samba/history/samba-4.12.14.html
>>>>
>>>> Our Code, Our Bugs, Our Responsibility.
>>>> (https://bugzilla.samba.org/)
>>>>
>>>>                         --Enjoy
>>>>                         The Samba Team
>>>
>> --=20
>> Sent from my laptop
>>
>=20

--===============7969017314923798762==--